Malvertising Thrives in 'Shady' Parts of Highly-Automated Ad Networks

For two days in mid-March, visitors to major news and information sites—such as the New York Times, Newsweek, The Hill and the Weather Network—may have been redirected to Web servers that attempted to infect visitors' systems with a variant of the Angler exploit kit and, ultimately, ransomware.

So far, the impact of the attack is unknown, but a single antivirus vendor, Trend Micro, recorded 41,000 infection attempts among its users between March 12 and 14. The attack hit visitors to AOL, the BBC, NFL, The Hill, Newsweek, the New York Times, MSN, Realtor.com, The Weather Network and the Xfinity portal, according to Malwarebytes, an endpoint security firm.

Another attack used ads on the site of a major British newspaper, The Daily Mail, to attempt to infect visitors the same week, but was likely part of a different campaign, the firm stated.

Overall, the attacks demonstrate that attackers can readily exploit weaknesses in the complex ad market and take advantage of the trust in publisher brands that have little to do with the trustworthiness of the ad content, Craig Young, security researcher with the vulnerabilities exposures research team (VERT) at Tripwire, told eWEEK.

"It is exploiting the fact that people have trust for popular Websites," he said. "If you go to the Website of a major newspaper, you are going to expect that it will have sanitized content. You would expect that an attacker would have to breach the security of the publisher to put something on the site."

However, malvertising makes an end-run around that assumed security, he said.

"Shady" ad networks

No wonder, then, that malvertising is—at least anecdotally—on the rise. Such attacks are happening more often—albeit, not always on such well-known sites—because attackers are becoming more sophisticated and more at ease with the complexities of the ad market, Jerome Segura, senior security researcher with Malwarebytes, told eWEEK.

"There are daily attacks and they typically happen via ad networks that are a bit shady, and by 'shady,' I mean companies that have very lax security practices," Segura said.

The advertising ecosystem is very complex, and that complexity allows attackers to thrive in the "shady" parts of the ecosystem—those areas where top-line publishers, advertisers and ad networks may not have visibility, he said.

Norman Guadagno, chief evangelist for data-backup and security firm Carbonite and a former ad agency representative, also argued that the complexity makes malvertising a tough problem to solve. Every day, advertising networks deliver some 314 billion ad impressions to Website visitors, according to Guadagno, citing numbers from the Goodway Group, an online marketer.

"It is a problem that is rooted fundamentally in the complexity of the ad ecosystem," he told eWEEK. "Between all the ad networks, all the sites, all the ads being served, all the code being used to make ads—it is a big, insanely complex ecosystem that has vulnerabilities."

Ad-savvy attackers

While the complexity of the advertising ecosystem helps malvertising hide, attackers are also becoming more knowledgeable about how to take advantage of that complexity.

In a recent study of one malvertising campaign, Malwarebytes found that attackers used targeted ads to focus on certain segments of the consumer marketplace. The attackers have also started adding code to their ad banners that fingerprints the targeted computer, determining its operating system, browser and what security software it may be running, according to the firm.